Rate limits

Download AsyncAPI spec

Events emitted when API rate limits are exceeded for a tenant or user in a Qlik Cloud environment. These events enable monitoring of rate limit violations for performance optimization.

These events are available for consumption via:

Rate limit exceeded

Published when a rate limit has been reached or exceeded. The rate limit decision is in the data property and includes whether the limit is enforced (enforce), what entity is affected (appliesTo - TENANT or USER), validity period (validUntil), top contributing users (users), and affected endpoints (includes/excludes).

Payload

object
  • idstring
    Required

    Identifies the event.

    minLength = 1

  • timestring

    Timestamp of when the occurrence happened. Must adhere to RFC 3339.

    minLength = 1, format = "date-time"

  • typestring
    Required

    Unique identifier for the event type.

    default = "com.qlik.v1.rate-limit.exceeded"

  • sourcestring
    Required

    The source of the event.

    Can be one of: "com.qlik/rate-limiter"

    default = "com.qlik/rate-limiter"

  • specversionstring
    Required

    The version of the CloudEvents specification which the event uses.

    minLength = 1

  • datacontenttypestring

    Content type of the data value. Must adhere to RFC 2046 format.

    minLength = 1, default = "application/json"

  • hoststring

    Unique identifier for event producer.

  • useridstring
    Required

    Unique identifier for the user related to the event.

  • authtypestring

    Type of principal that triggered the occurrence.

  • tenantidstring
    Required

    Unique identifier for the tenant related to the event.

  • authclaimsstring

    A JSON string representing claims of the principal that triggered the event.

  • tracestatestring

    A comma-delimited list of key-value pairs.

  • traceparentstring

    Contains a version, trace ID, span ID, and trace options.

  • dataobject

    Rate limit decision containing the affected entity (tenant or user), top contributing users, and matched endpoint configurations.

    Show data properties
    • idstring
      Required

      Unique identifier for the decision.

    • typestring
      Required

      Type of traffic to be limited.

      Can be one of: "rest"

    • usersarray of objects

      Users contributing most to the rate limit decision.

      Show users properties
      • userIdstring

        Identifier of the user contributing to the rate limiting decision.

      • requestsinteger

        Number of requests in the last sliding window.
    • tierIdstring

      Identifier of the tier where the limit has been reached.

    • enforceboolean
      Required

      Whether the rate limit decision should be enforced.

    • excludesarray of objects

      Request matching configurations that are excluded from the exceeded tier.

      Show excludes properties
      • pathstring

        Path to be matched.

      • queryarray of objects

        Query parameters to be matched.

        Show query properties
        • paramstring

          Name of the query parameter.
      • methodstring

        Method to be matched.

        Can be one of: "GET""HEAD""POST""PUT""DELETE""CONNECT""OPTIONS""TRACE""PATCH"

      • pathTypestring

        How to match the path against incoming API requests. EXACT matches only the exact path, such as /v1/themes matching only /v1/themes. PREFIX matches any path starting with this value, such as /v1/themes matching /v1/themes, /v1/themes/123, or /v1/themes/123/file.

        Can be one of: "PREFIX""EXACT"

    • includesarray of objects

      Request matching configurations that are included in the exceeded tier.

      Show includes properties
      • pathstring

        Path to be matched.

      • queryarray of objects

        Query parameters to be matched.

        Show query properties
        • paramstring

          Name of the query parameter.
      • methodstring

        Method to be matched.

        Can be one of: "GET""HEAD""POST""PUT""DELETE""CONNECT""OPTIONS""TRACE""PATCH"

      • pathTypestring

        How to match the path against incoming API requests. EXACT matches only the exact path, such as /v1/themes matching only /v1/themes. PREFIX matches any path starting with this value, such as /v1/themes matching /v1/themes, /v1/themes/123, or /v1/themes/123/file.

        Can be one of: "PREFIX""EXACT"

    • appliesTostring
      Required

      Entity type the decision applies to.

      Can be one of: "TENANT""USER"

    • validUntilstring
      Required

      Timestamp until which the decision remains valid.

com.qlik.v1.rate-limit.exceeded

Example payload of the "Rate limit exceeded" event

{
  "id": "A234-1234-1234",
  "time": "2021-11-10T08:50:00Z",
  "type": "com.qlik.v1.rate-limit.exceeded",
  "source": "com.qlik/rate-limiter",
  "specversion": "1.0",
  "datacontenttype": "application/json",
  "host": "rate-limiter-pod-12345",
  "userid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "authtype": "service_account",
  "tenantid": "VZhiEfgW2bLd7HgR-jjzAh6VnicipweT",
  "authclaims": "{\\\"iss\\\":\\\"qlik.api.internal/service\\\",\\\"sub\\\":\\\"service\\\",\\\"subType\\\":\\\"service\\\"}",
  "tracestate": "b3=05ec17ed8adb7726ecceac3ef58f466f-c05c51826dbc3307-1",
  "traceparent": "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01",
  "data": {
    "id": "id123",
    "type": "rest",
    "users": [
      {
        "userId": "id123",
        "requests": 25
      }
    ],
    "tierId": "1",
    "enforce": true,
    "excludes": [
      {
        "path": "/v1/themes",
        "query": [
          {
            "param": "filter"
          }
        ],
        "method": "GET",
        "pathType": "PREFIX"
      }
    ],
    "includes": [
      {
        "path": "/v1/themes",
        "query": [
          {
            "param": "filter"
          }
        ],
        "method": "GET",
        "pathType": "PREFIX"
      }
    ],
    "appliesTo": "TENANT",
    "validUntil": "2021-11-10T08:50:00+01:00"
  }
}